Generic selectors
Exact matches only
Search in title
Search in content
Search in posts
Search in pages

Operational Risk Management (ORM)

ORM Overview

ORM is a subset of Enterprise Risk Management (ERM). More specifically, ORM addresses operational and compliance risks and is thought of as an extension of process safety. The goal of ERM is to mitigate financial, operational and compliance risks to an acceptable level through policies, systems and procedures.

In effect as the market has moved away from compliance to risk management, ORM is an evolution of traditional EHS compliance.  In traditional ERM vs. ORM language, ORM is focused on everything that is non-financial in nature… although as we’ve discussed, in reality all types of risk have the potential for financial impact.

This shift has largely been driven by companies starting to plateau in safety and environmental performance (i.e. Total Recordable Incident Rate).  To make risk management more practical, companies are starting to broaden their view of risk management to include non-EHS areas such as supply chain, operations, maintenance, capital projects, and engineering.  The outcome is a risk registry that looks at all operational risks through a lens that creates a level playing field to properly prioritizing and actioning issues in real-time.  While EHS / PSM compliance are foundational to privilege to operate, having a comprehensive ORM framework goes far toward getting away from after the fact “reactive” compliance is key in identifying threats before they materialize.

Hazard/Consequence graphic

The current view of ORM that seems to permeate the analyst community is primarily focused on traditional EHS compliance activities such as Audit, PHA, Incident Investigation, and Corrective Action Management. Other tools such as Bowtie analysis and work permitting are added into the viewpoint…but the focus is still firmly on traditional, siloed tactics specific to EHS or compliance activities. Because EHS and compliance do not focus on risk of production loss through inefficiencies, poor asset management, workforce competency, and conduct of operations, the typical EHS-first view of ORM doesn’t really address real risks that can have significant impact on an organization’s future.

In its simplest form, Enterprise Risk Management (ERM) is the holistic business approach an entity uses to manage the various threats and opportunities it encounters while accomplishing its mission. Risk is defined as any event that impacts a company’s ability to meet its objectives (losses and opportunities). So, creating an enterprise level system to manage risk (an ERM system) allows an organization to transparently communicate business risk to internal and external stakeholders.

The following is a maturity roadmap to manage operational risk:

Maturity Roadmap graphic

Business Benefits

Business Benefits graphic

Services

At Operational Sustainability, LLC, we help you devise a strategy for Operational Risk Management. From Process Safety, to cultural alignment coupled with ORM, we have you to ensure your privilege to operate is not at risk. We help create a comprehensive risk registry so that as threats emerge in real-time you are proactively notified so that you can evaluate mitigation options.

Technical Content

Integrations

ORM is an extension of PSM/RMP. Basic ORM as depicted in the maturity roadmap addresses core compliance activities including Work Permitting, Job Safety Analysis, Barrier Management and Management of Change. OESuite™ integrations to support Basic ORM include: Incidents with MOCs; PHAs, Audits and Incidents with Corrective and Preventative Action (CAPA); and Barrier Management with Incident Investigation.

Additional integrations move to a single source of truth in the Core and Advanced maturity stages of ORM. For example, in the Core stage, a risk registry begins to take shape as a result of interoperability, with the Advanced stage leading to Asset Performance Management and Comprehensive Conduct of Operations.

OESuite integrations that support these maturity advancements include:

  • Procedures with Document Management and Process Safety Information for comprehensive Engineering Content Management
  • Organizational Change with MOC
  • Incident Management with Production Losses to enable Enterprise Loss Management
  • SIS and Alarm Management with PHA to complete the safety lifecycle
  • Spares Optimization as an extension of RCM
  • Asset Performance management as the result of Asset Strategy combined with Mechanical Integrity

Testimonials

For Industry